  Stem Bolt Premium join:2002-11-08 Cleveland, OH
Symantec's Ramzan on solving the antivirus puzzle
»news.cnet.com/8301-1009_3-10278426-83.html
quote:
What are the main challenges with blocking viruses and spam?
Ramzan: One of the biggest challenges overall is that these things are rapidly evolving. We're seeing variation upon variation of various types of malware and viruses. The traditional approach of trying to use a signature-based detection to detect that this part file is good or bad is going to be limited. Signatures were very good 10 years ago when there were a small number of samples out there that were on a large number of machines. Nowadays, when you have essentially micro-distribution of a large number of threats, where maybe there are millions and millions of threats out there and each is on only a few machines, having a signature to try to protect against those threats doesn't work as well. That's because you're only protecting a few users at once with a given signature. It doesn't scale nicely. With reputation-based protection, we look at not only what the software is doing, but we might know that this application is only on five machines in the world. That's something we can monitor very easily. Whereas before the attacker would try to be the needle in a haystack and hide...we now have a very powerful magnet so we can find those needles effortlessly.
So is signature-based antivirus protection dead?
Ramzan: No, not at all. I think that signatures are very useful, but in a certain context. There are still threats out there that do get to a large number of machines. For example, we've seen the Conficker, or Downadup worm come out recently. That's a classic example of a threat that makes sense to protect with signatures. Signatures are simple, they're easy to compute, they've been around for a long time. They have their uses, but they only protect you against one spectrum or one part of the spectrum of possible threats out there.
-- Norton 2010 BETA + Online Armor Free + Router/SPI